Scott's Weblog

The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Technology Short Take 109

Welcome to Technology Short Take #109! This is the first Technology Short Take of 2019. It may be confirmation bias, but I’ve noticed a number of sites adding “Short Take”-type posts to their content lineup. I’ll take that as flattery, even if it wasn’t necessarily intended that way. Enjoy!

Networking

Niran Even-Chen says service mesh is a form of virtualization. While I get what Niran is trying to say here, I’m not so sure I agree with the analogy. Sometimes analogies such as this are helpful, but sometimes the analogy brings unnecessary connotations that make understanding new concepts more difficult. One area where I do strongly agree with Niran is in switching your perspective: looking at service mesh from a developer’s perspective gives one quite a different viewpoint than viewing service mesh in an infrastructure light.

Jim Palmer has a detailed write-up on DHCP Option 51 and different behaviors from different DHCP clients.

Cloud Computing/Cloud Management

Here’s another “getting started” post, this time from Kyle Galbraith and this time focusing on AWS Elastic Beanstalk. Elastic Beanstalk is an AWS service that I’ve heard mentioned a lot, but Kyle’s post was helpful in breaking it down and comparing it to other services.

Operating Systems/Applications

Jorge Salamero Sanz describes how to use the Sysdig Terraform provider to do “container security as code.” I’m a fan of Terraform (despite some of its limitations), so it’s kind of cool to see new providers coming online.

This project purports to help you generate an AWS IAM policy with exactly the permissions needed. It’s a bit of a brute force tool, so be sure to read the caveats, warnings, and disclaimers in the documentation!

I do manage most of my “dotfiles” in a Git repository, but I’d never heard of rcm before reading this Fedora Magazine article. It might be something worth exploring to supplant/replace my existing system.

I found this article by Forrest Brazeal on a step-by-step exploration of moving from a relational database to a single DynamoDB table to be very helpful and very informative. DynamoDB—along with other key-value store solutions—has been something I’ve been really interested in better understanding, but I never could quite understand how they fit with traditional RDBMSes. I still have tons to learn, but at least now I have a bit of a framework by which to learn more. Thanks Forrest!

Steve Flanders provides an introduction to Ambassador, an open source API gateway. This looks interesting, but embedding YAML configuration in annotations seems…odd.

Mark Hinkle, a co-founder at TriggerMesh, announces TriggerMesh KLR—the Knative Lambda Runtime that allows users to run AWS Lambda functions in a Knative-enabled Kubernetes cluster. This seems very powerful to me, but I’m no serverless expert so maybe I’m missing something. Would the serverless experts care to weigh in?

Storage

Virtualization

Paul Czarkowski talks about how the future of Kubernetes is virtual machines. The title is a bit of linkbait; what Paul is really addressing here is how to solve the multi-tenancy challenges that currently exist with Kubernetes (which wasn’t really designed for multi-tenant deployments). VMs provide good isolation, so VMs could be the method whereby operators can provide the sort of strong isolation that multi-tenant environments need. One small clarification to Paul’s otherwise excellent post: by admission on their own web page, gVisor is not a VM container technology, but rather uses a different means of providing additional security.

In the infamous words of Porky Pig, that’s all folks! Feel free to engage with me on Twitter if you have any comments, questions, suggestions, corrections, or clarifications (or if you just want to chat!). I also welcome suggestions for content to include in future instances of Technology Short Take. Thank you for reading!